

[src/trunk]: src/sys Introduce time_wraps() to check if setting the time will...



details:   https://anonhg.NetBSD.org/src/rev/6da171dd9a49
branches:  trunk
changeset: 747863:6da171dd9a49
user:      elad <elad%NetBSD.org@localhost>
date:      Sat Oct 03 20:48:42 2009 +0000

description:
Introduce time_wraps() to check if setting the time will wrap it (or
close to it). Useful for secmodels.

Replace open-coded form with it in secmodel code (securelevel, keylock).

Note: I need to find a way to make secmodel_keylock.c ~<100 lines.

diffstat:

 sys/kern/kern_time.c                            |  30 +++++++++++++++++++++++-
 sys/secmodel/keylock/secmodel_keylock.c         |  18 +++-----------
 sys/secmodel/securelevel/secmodel_securelevel.c |  19 ++++-----------
 sys/sys/timevar.h                               |   3 +-
 4 files changed, 39 insertions(+), 31 deletions(-)

diffs (159 lines):

diff -r e265494f57fa -r 6da171dd9a49 sys/kern/kern_time.c
--- a/sys/kern/kern_time.c      Sat Oct 03 20:46:49 2009 +0000
+++ b/sys/kern/kern_time.c      Sat Oct 03 20:48:42 2009 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_time.c,v 1.161 2009/09/13 18:45:11 pooka Exp $    */
+/*     $NetBSD: kern_time.c,v 1.162 2009/10/03 20:48:42 elad Exp $     */
 
 /*-
  * Copyright (c) 2000, 2004, 2005, 2007, 2008, 2009 The NetBSD Foundation, Inc.
@@ -61,7 +61,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_time.c,v 1.161 2009/09/13 18:45:11 pooka Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_time.c,v 1.162 2009/10/03 20:48:42 elad Exp $");
 
 #include <sys/param.h>
 #include <sys/resourcevar.h>
@@ -1461,3 +1461,29 @@
        mutex_spin_exit(&timer_lock);
        mutex_exit(proc_lock);
 }
+
+/*
+ * Check if the time will wrap if set to ts.
+ *
+ * ts - timespec describing the new time
+ * delta - the delta between the current time and ts
+ */
+bool
+time_wraps(struct timespec *ts, struct timespec *delta)
+{
+
+       /*
+        * Don't allow the time to be set forward so far it
+        * will wrap and become negative, thus allowing an
+        * attacker to bypass the next check below.  The
+        * cutoff is 1 year before rollover occurs, so even
+        * if the attacker uses adjtime(2) to move the time
+        * past the cutoff, it will take a very long time
+        * to get to the wrap point.
+        */
+       if ((ts->tv_sec > LLONG_MAX - 365*24*60*60) ||
+           (delta->tv_sec < 0 || delta->tv_nsec < 0))
+               return true;
+
+       return false;
+}
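Review bot: The header comment and the name describe time_wraps() as a wrap check only, but the second arm of the condition also returns true for any negative `delta`, i.e. for setting the clock backwards. The securelevel and keylock listeners deny on a true result, and their hunks delete the only comment that explained it, so the backward-set denial is now undocumented at both call sites. The header should state the full contract, for example `Returns true if setting the time to ts would move it backwards (negative delta) or to within one year of LLONG_MAX seconds.` The inner comment was moved verbatim and still says "bypass the next check below", although nothing follows it in this function; it presumably means the `delta->tv_sec < 0 || delta->tv_nsec < 0` arm and should say so. It is also worth noting in the header that `delta` is supplied by the caller rather than recomputed here.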
diff -r e265494f57fa -r 6da171dd9a49 sys/secmodel/keylock/secmodel_keylock.c
--- a/sys/secmodel/keylock/secmodel_keylock.c   Sat Oct 03 20:46:49 2009 +0000
+++ b/sys/secmodel/keylock/secmodel_keylock.c   Sat Oct 03 20:48:42 2009 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_keylock.c,v 1.2 2009/08/15 09:43:59 mbalmer Exp $ */
+/* $NetBSD: secmodel_keylock.c,v 1.3 2009/10/03 20:48:42 elad Exp $ */
 /*-
  * Copyright (c) 2009 Marc Balmer <marc%msys.ch@localhost>
  * Copyright (c) 2006 Elad Efrat <elad%NetBSD.org@localhost>
@@ -54,7 +54,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_keylock.c,v 1.2 2009/08/15 09:43:59 mbalmer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_keylock.c,v 1.3 2009/10/03 20:48:42 elad Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -64,6 +64,7 @@
 #include <sys/mount.h>
 #include <sys/sysctl.h>
 #include <sys/vnode.h>
+#include <sys/timevar.h>
 
 #include <dev/keylock.h>
 
@@ -176,18 +177,7 @@
                        struct timespec *ts = arg1;
                        struct timespec *delta = arg2;
 
-                       /*
-                        * Don't allow the time to be set forward so far it
-                        * will wrap and become negative, thus allowing an
-                        * attacker to bypass the next check below.  The
-                        * cutoff is 1 year before rollover occurs, so even
-                        * if the attacker uses adjtime(2) to move the time
-                        * past the cutoff, it will take a very long time
-                        * to get to the wrap point.
-                        */
-                       if (keylock_position() > 1 &&
-                           ((ts->tv_sec > LLONG_MAX - 365*24*60*60) ||
-                            (delta->tv_sec < 0 || delta->tv_nsec < 0)))
+                       if (keylock_position() > 1 && time_wraps(ts, delta))
                                result = KAUTH_RESULT_DENY;
                        break;
                }
diff -r e265494f57fa -r 6da171dd9a49 sys/secmodel/securelevel/secmodel_securelevel.c
--- a/sys/secmodel/securelevel/secmodel_securelevel.c   Sat Oct 03 20:46:49 2009 +0000
+++ b/sys/secmodel/securelevel/secmodel_securelevel.c   Sat Oct 03 20:48:42 2009 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_securelevel.c,v 1.15 2009/10/02 20:15:07 elad Exp $ */
+/* $NetBSD: secmodel_securelevel.c,v 1.16 2009/10/03 20:48:42 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <elad%NetBSD.org@localhost>
  * All rights reserved.
@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.15 2009/10/02 20:15:07 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.16 2009/10/03 20:48:42 elad Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_insecure.h"
@@ -50,6 +50,7 @@
 #include <sys/sysctl.h>
 #include <sys/vnode.h>
 #include <sys/module.h>
+#include <sys/timevar.h>
 
 #include <miscfs/specfs/specdev.h>
 
@@ -242,19 +243,9 @@
                        struct timespec *ts = arg1;
                        struct timespec *delta = arg2;
 
-                       /*
-                        * Don't allow the time to be set forward so far it
-                        * will wrap and become negative, thus allowing an
-                        * attacker to bypass the next check below.  The
-                        * cutoff is 1 year before rollover occurs, so even
-                        * if the attacker uses adjtime(2) to move the time
-                        * past the cutoff, it will take a very long time
-                        * to get to the wrap point.
-                        */
-                       if (securelevel > 1 &&
-                           ((ts->tv_sec > LLONG_MAX - 365*24*60*60) ||
-                            (delta->tv_sec < 0 || delta->tv_nsec < 0)))
+                       if (securelevel > 1 && time_wraps(ts, delta))
                                result = KAUTH_RESULT_DENY;
+
                        break;
                }
 
diff -r e265494f57fa -r 6da171dd9a49 sys/sys/timevar.h
--- a/sys/sys/timevar.h Sat Oct 03 20:46:49 2009 +0000
+++ b/sys/sys/timevar.h Sat Oct 03 20:48:42 2009 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: timevar.h,v 1.25 2009/03/29 19:21:20 christos Exp $    */
+/*     $NetBSD: timevar.h,v 1.26 2009/10/03 20:48:42 elad Exp $        */
 
 /*
  *  Copyright (c) 2005, 2008 The NetBSD Foundation.
@@ -178,6 +178,7 @@
 void   timerupcall(struct lwp *);
 void   time_init(void);
 void   time_init2(void);
+bool   time_wraps(struct timespec *, struct timespec *);
 
 extern time_t time_second;     /* current second in the epoch */
 extern time_t time_uptime;     /* system uptime in seconds */
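Review bot: The new prototype takes both timespecs through non-const pointers, although the definition in kern_time.c only reads `ts->tv_sec`, `delta->tv_sec` and `delta->tv_nsec`. Declaring it `bool time_wraps(const struct timespec *, const struct timespec *);`, with the definition changed to match, makes it explicit that this authorization predicate cannot modify the time value being checked. It also lets callers that hold const pointers use it without a cast.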


